NetWitness Community

Summary:  

RSA is pleased to announce the general availability of Security Analytics (SA) 10.5. This release includes several exciting new features and improvements including:

Enhanced Collection and Visibility Capabilities:

¥ Introduction of log collection from Cloud environments with initial support for AWS Cloudtrail as an SA supported log source (ingested on Log Decoder). This feature is available for any customer who has a Log Decoder and is leveraging the AWS cloud environment.

¥ Enhanced visibility by integrating RSA Web Threat Detection (WTD) with SA Incident Management to help centralize management of internal and external threats.

¥ Introduction of Dynamic Event Groups and thresholding for Event Source Monitoring.

Enhanced Investigation Capabilities:

¥ Reconstruction enhancements to support Cascade Style Sheet (CSS) and provide analysts with improved reliability of web page reconstruction.

¥ Enhancements to facilitate the analysis of fragmented sessions.

¥ Streamlined workflow and improved performance.

¥ Inline tooltips and online contextual help.

Enhanced Analytics & Incident Management: (Note: Requires Event Stream Analytics)

¥ Workflow enhancements for Rule Builder including contextual help.

¥ Enhanced Alert enrichment options based on custom DB sources.

¥ Introduction of Trial Mode Rules. This feature allows for content authors to more easily test and deploy testing rules while limiting affects on their production environment.

¥ Incident Management Dashlets and timeline views.

¥ Enhancements for aggregates within reporting.

Enhanced Health & Wellness Capabilities:

¥ Introduction of Policy and Group configurations. Configuration options facilitate administrative workflows for defining/editing Health and Wellness policies as well as adding services and hosts to their environment.

¥ Enhancements for threshold alerting via SMTP and console.

Enhanced Platform Capabilities:

¥ Introduction of usage-based packaging and pricing for throughput per day of packets or logs.

¥ Trust-based licensing model with out-of-the-box activation.

¥ Introduction of Data Privacy capabilities that enable administrative options to obfuscate meta fields associated with identity-based logic as well as restrict access to data based on an organizationÕs data privacy regulations.

¥ Enhancements for User Audit Logging.

A complete list of features can be found in the SA 10.5 Release Notes https://knowledge.rsasecurity.com/scolcms/set.aspx?id=10799

Affected Products:

Security Analytics 10.4.x

Recommendation for current SA Customers:

Customers using earlier versions of Security Analytics are recommended to upgrade to Security Analytics 10.5 at the earliest possible convenience.

¥ SA 10.4.x Customers - Customers may upgrade directly to SA 10.5. RSA encourages customers to review the upgrade instructions and release notes for SA 10.5 for more detail. https://knowledge.rsasecurity.com/scolcms/set.aspx?id=10799

¥ Customers on previous versions of SA - Customer must first upgrade to SA 10.4. 

Recommendations for current NetWitness 9.8 Customers:

Version 10 incorporates a new entitlement capability as well as a centralized license and management server (i.e. SA Server). Any customer migrating to version 10 will need to take appropriate steps as part of their upgrade. Upgraded devices will require a new entitlement that deviates from licensing, as it is known today. As such, the first step a customer will need to take when upgrading is to open a case with Customer Support and Appliance Operations for verification of the current deployment. Based on this verification, new entitlements will be made available through Download Central. Verification will confirm which upgrade option an environment has for deployment of the new SA Server.

Once verification has been completed, the SA Server will need to be brought online and entitlements made available through Download Central. At this point, a customer can begin updating devices within its environment based either through updating all systems or with a phased approach. Note the current NetWitness 9.8 thick clients (admin and Investigator) are forward compatible to work against SA10.x devices.

In addition, NetWitness customers with platforms currently at CentOS 5 will need to upgrade their OS to CentOS 6 as part of the upgrade process.  This additional step in the upgrade process requires physical access to the platforms to update the OS and does preserve the existing configuration and data . 

Recommendation for New Customers:

RSA recommends all new customers review the Release Notes and the User Guide for more technical details around Security Analytics 10.5. See section below for more information about how to register for RSA SecurCare Online.